Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack.
- security
- threat-intelligence
The UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute’s evaluation of Mytho…
New security development detected from Krebs on Security. Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in hum…
- ai-risk
- cloud
- vulnerabilities
- regulation
Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud.
- security
- public-sector
- threat-intelligence
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace.
- security
- vulnerabilities
- devops
- threat-intelligence
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.
- ai-risk
- devops
- network-edge
- threat-intelligence
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI.
- ai-risk
- vulnerabilities
- threat-intelligence
- espionage
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but…
- ai-risk
- threat-intelligence
Turns out that LLMs are really good at hiding text messages in other text messages.
Resetting a password doesn't always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep attackers authenticated after a reset. Password resets are often the first respons…
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan.
- security
- threat-intelligence
Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platfo…
NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach.
- security
- data-security
- threat-intelligence
- enforcement
New security development detected from Krebs on Security. An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the Un…
- security
- data-security
- network-edge
- public-sector
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. The U.S.
- security
- cloud
- vulnerabilities
- regulation
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks.
- security
- cloud
- vulnerabilities
- regulation
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems.
- ai-risk
- crypto
- threat-intelligence
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion.
- security
- vulnerabilities
- regulation
- threat-intelligence
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. Your security spend has roughly doubled in…
- ai-risk
- data-security
- enforcement
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version.
- security
- threat-intelligence
- enforcement
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites.
- security
- threat-intelligence
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month.
- security
- data-security
- vulnerabilities
- network-edge
ICE is developing its own version of smart glasses, with facial recognition tied to various databases.
Hackers trojanized installers for the DAEMON Tools software and, since April 8, have delivered a backdoor to thousands of systems that downloaded the product from the official website.
- security
- devops
- public-sector
New governance development detected from EDPB News. Brussels, 5 May – On 9 May each year, Europeans celebrate the anniversary of the Schuman Declaration, the key moment which led to the creation of the EU as we know it today.
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats. Today, four organisations have newly joined the Common Vulnerabilit…
- ai-risk
- vulnerabilities
- regulation
- public-sector
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities.
- security
- cloud
- devops
- threat-intelligence
A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into ne…
Backups don't fail because they're missing, they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before encryption, leaving no path to recovery. Written by Subramani Rao, Senior Manager,…
- security
- devops
- threat-intelligence
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective.
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services.
- ai-risk
- cloud
- regulation
- threat-intelligence
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands.
- security
- vulnerabilities
- regulation
- espionage
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility.
- security
- data-security
- regulation
- public-sector
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. Update: Added Microsoft's statem…
- security
- threat-intelligence
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram's Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware.
- ai-risk
- crypto
- threat-intelligence
Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. Threat actors across underground forums…
- security
- vulnerabilities
- network-edge
- threat-intelligence
A newly disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks.
- security
- data-security
- vulnerabilities
- regulation
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents.
- security
- data-security
- public-sector
- enforcement
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact.
- security
- threat-intelligence
- enforcement
Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients.
- security
- threat-intelligence
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts.
- ai-risk
- cloud
- crypto
- network-edge
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks.
- security
- threat-intelligence
New security development detected from Krebs on Security. A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of…
- security
- network-edge
- threat-intelligence
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February.
- security
- vulnerabilities
- regulation
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems.
- ai-risk
- cloud
- devops
- threat-intelligence
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users' sites.
- security
- threat-intelligence
New governance development detected from EDPB News. Brussels, 23 April – The EDPB is organising a remote stakeholder event in the context of its joint work with the European Commission on upcoming guidelines on the interplay between comp…
- privacy
- regulation
- public-sector
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypting them.
- security
- vulnerabilities
- public-sector
- threat-intelligence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks.
- security
- data-security
- vulnerabilities
- regulation
That’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our col…
A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. Most organizations are ri…
- ai-risk
- cloud
- data-security
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key sof…
- ai-risk
- cloud
- vulnerabilities
- regulation
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company.
- security
- data-security
- threat-intelligence
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned.
- security
- data-security
- threat-intelligence
- enforcement
An attacker pushed a malicious version of the popular elementary-data package to the Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets.
- security
- vulnerabilities
- devops
- crypto
Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity.
- security
- vulnerabilities
- regulation
- threat-intelligence
Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third party accessed certain internal systems. Utility technology company Itron, Inc.
- security
- regulation
- public-sector
- enforcement
New governance development detected from EDPB News. Brussels, 27 April – Today marks the 10th anniversary of the GDPR’s adoption, the first comprehensive data protection framework spanning an entire continent, establishing clear rights f…
- ai-risk
- cloud
- compliance
- regulation
Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems."
- security
- data-security
- threat-intelligence
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor.
- security
- data-security
- vulnerabilities
- network-edge
New security development detected from CISA Cybersecurity Advisories. CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- privacy
- vulnerabilities
- kev
- regulation
Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures lik…
The new edition of ISO 14001 has been released, giving organizations a clearer, more effective way to turn environmental ambition into measurable results.
- governance
- regulation
- enforcement
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication.
- security
- cloud
- data-security
- vulnerabilities
It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker ins…
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently.
- security
- data-security
- crypto
- threat-intelligence
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device.
- security
- vulnerabilities
- regulation
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. CISA has given U.S.
- security
- vulnerabilities
- regulation
- public-sector
404 Media reports (alternate site): The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push noti…
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption.
- security
- threat-intelligence
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats. ENISA has released the updated National Capabilities Assessment fra…
- security
- compliance
- regulation
- public-sector
France Titres, the government agency in France for issuing and managing administrative documents, has disclosed a data breach after a threat actor claimed the attack and the theft of citizen data.
- security
- data-security
- public-sector
- threat-intelligence
ICE has admitted that it uses spyware from the Israeli company Graphite.
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela.
- security
- threat-intelligence
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
- ai-risk
- cloud
- data-security
- devops
New security development detected from Krebs on Security. A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft.
- security
- crypto
- children
- threat-intelligence
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.
- ai-risk
- vulnerabilities
- regulation
- public-sector
New security development detected from CISA Cybersecurity Advisories. CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- privacy
- vulnerabilities
- kev
- regulation
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. The U.S.
- security
- cloud
- vulnerabilities
- kev
Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding friction. Fraud prevention and user experience have long been treated as opposing…
- security
- network-edge
- espionage
New security development detected from CISA Cybersecurity Advisories. On March 31, 2026, two npm packages for versions axios@1.14.1 and axios@0.30.4 of Axios npm injected the malicious dependency plain-crypto-js@4.2.1 that downloads mult…
- privacy
- crypto
- regulation
- threat-intelligence
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate.
- security
- threat-intelligence
- enforcement
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters.
The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back. I don’t know. The article is convincing, but it’s written to be conv…
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Update 4/19/26: Added additional information from Vercel that was disclo…
- security
- cloud
- devops
- network-edge
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly popular in the Node Package Manager (npm)…
- security
- cloud
- data-security
- vulnerabilities
NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection. The new release adds automated replication, support for newer VMware vSphere and Proxmox versi…
- privacy
- threat-intelligence
Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security.
- security
- crypto
- threat-intelligence
CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. The U.S.
- ai-risk
- vulnerabilities
- regulation
- public-sector
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces.
- ai-risk
- cloud
- vulnerabilities
- devops
The latest wave of "Operation PowerOFF," on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries. More than 75,000 individuals using distributed denial-of-service (DDoS) platforms…
- security
- network-edge
- regulation
- enforcement
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions.
- security
- cloud
- vulnerabilities
- network-edge
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations.
- ai-risk
- vulnerabilities
- devops
- regulation
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication.
- ai-risk
- data-security
- vulnerabilities
- regulation
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month.
- security
- data-security
- vulnerabilities
- threat-intelligence
New governance development detected from EDPB News. Brussels, 16 April – During its latest plenary, the EDPB has adopted Guidelines on processing of personal data for scientific research purposes.
- ai-risk
- network-edge
- compliance
- espionage
Interesting research: “Humans expect rationality and cooperation from LLM opponents in strategic games.” Abstract: As Large Language Models (LLMs) integrate into our social and economic interactions, we need to deepen our understanding o…
A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger.
- ai-risk
- vulnerabilities
- public-sector
- threat-intelligence
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.
- security
- threat-intelligence
- enforcement
New security development detected from CISA Cybersecurity Advisories. CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- privacy
- vulnerabilities
- kev
- regulation
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data.
This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 15–20 meters wide and up to 7 meters deep…
New security development detected from Krebs on Security. Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-…
- security
- vulnerabilities
- regulation
- threat-intelligence
New security development detected from CISA Cybersecurity Advisories. CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- privacy
- vulnerabilities
- kev
- regulation
New governance development detected from EDPB News. Brussels, 14 April - In line with the EDPB’s Helsinki Statement to make GDPR compliance easier and strengthen consistency across Europe, the EDPB has adopted a template for Data Protect…
- privacy
- network-edge
- compliance
- enforcement
Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers.
- privacy
- data-security
- public-sector
- enforcement
Interesting paper: “What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.” Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cy…
- ai-risk
- vulnerabilities
- regulation
- espionage
The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and ha…
All the leading AI chatbots are sycophantic, and that’s a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advi…
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. Hackers started exploiting a critical vulnerability in the Marimo open-source reactive Py…
- ai-risk
- cloud
- data-security
- vulnerabilities
An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States.
- ai-risk
- crypto
- regulation
- public-sector
Regulation is hard: The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a…
- security
- network-edge
- regulation
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers.
- security
- threat-intelligence
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan.
- security
- network-edge
- compliance
- public-sector
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries.
- security
- threat-intelligence
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools.
- security
- cloud
- threat-intelligence
Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands.
- ai-risk
- vulnerabilities
- regulation
- public-sector
New governance development detected from EDPB News. Brussels, 09 April - The European Data Protection Board (EDPB) has published its 2025 Annual Report.
- privacy
- compliance
- regulation
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach.
- security
- data-security
- threat-intelligence
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December.
- security
- vulnerabilities
- regulation
- threat-intelligence
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI…
- ai-risk
- vulnerabilities
- devops
- public-sector
A $30,000 AI GPU doesn't outperform consumer GPUs at password cracking. Specops explains why attackers don't need exotic hardware to break weak passwords. Compute power is growing at an extraordinary pace.
New security development detected from Krebs on Security. Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security…
- security
- cloud
- vulnerabilities
- network-edge
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen.
- security
- cloud
- vulnerabilities
- regulation
Cyber-attacks can severely impact personal lives and put patients at risk of harm. That’s why cybersecurity is vital for healthcare organizations to protect patient wellbeing and privacy at all times. Cybersecurity has become increasingl…
- privacy
- data-security
- vulnerabilities
- compliance
The Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that,…
- security
- regulation
- enforcement
Every year, millions of employees suffer illnesses and injuries that could have been prevented. As workplaces modernize, one thing remains constant: the need to protect our most valuable asset – people. Work shouldn’t come with a health…
What if cities could move smarter? What if technology could transform how we travel, making urban environments cleaner, more efficient and connected? Across the globe, smart city mobility initiatives are turning these possibilities into…
New security development detected from Krebs on Security. An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face.
- security
- crypto
- public-sector
- threat-intelligence
Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good…
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps.
- security
- cloud
- data-security
- vulnerabilities
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing pers…
- security
- threat-intelligence
- enforcement
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. The…
- security
- crypto
- threat-intelligence
- espionage
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year.
- security
- vulnerabilities
- threat-intelligence
Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. The University of Mississippi Medical Cent…
- ai-risk
- data-security
- threat-intelligence
Here’s a fossil of a 150-million year old fish that choked to death on a belemnite rostrum: the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security…
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform.
- security
- data-security
- enforcement
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware.
- ai-risk
- cloud
- vulnerabilities
- threat-intelligence
WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats. ENISA launches a public consultation on the draft candidate EU Digi…
- security
- crypto
- regulation
- public-sector
This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical in…
- security
- vulnerabilities
- network-edge
- public-sector
The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: “We will unleash the private sector by creating…
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities.
- ai-risk
- threat-intelligence
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.
- security
- threat-intelligence
Wired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable o…
- security
- vulnerabilities
- crypto
- network-edge
Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but—even better—Melton has a long essay laying out the basic concepts and ideas…
Malicious Axios releases on npm reportedly delivered a cross-platform RAT, turning one of the ecosystem’s most widely used JavaScript dependencies into a supply-chain compromise with immediate developer impact.
- security
- devops
- malware
- data-security
Reporting says attackers used credentials exposed through the Trivy supply-chain campaign to breach a Cisco development environment and steal source code, showing how one ecosystem compromise can cascade into secondary enterprise intrusions.
- security
- devops
- data-security
- threat-intelligence
Anthropic confirmed that internal Claude Code source files were exposed through an npm packaging error, turning a release workflow mistake into a supply-chain and competitive-intelligence event.
- ai-risk
- devops
- data-security
- public-sector
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang.
- security
- cloud
- data-security
- public-sector
Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it…
A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording. The reason it’s tempting to think that a dedicated camer…
- security
- threat-intelligence
In my three decades of responding to catastrophic events around the world, I have often observed a curious human tendency to overlook the invisible foundations of our safety. We are meticulous about the visible – the aesthetic finish, co…
In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported ind…
- ai-risk
- devops
- network-edge
- regulation
The path to a net-zero future depends on every industry doing its part, and few are more pivotal than the steel and aluminium sectors. But they have a cost, particularly when it comes to their carbon footprint. By Noelia García Nebra, He…
This year’s World Economic Forum Annual Meeting took place during a moment of global uncertainty. Conversations often returned to the same underlying tension: We are innovating faster than ever, yet our ability to collaborate and coordin…
- governance
- network-edge
- compliance
- regulation
New security development detected from Krebs on Security. A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and w…
- security
- cloud
- vulnerabilities
- devops
New governance development detected from EDPB News. Brussels, 23 March - On 17 March 2026, the EDPB conference “Cross-regulatory interplay and cooperation in the EU: a data protection perspective” took place in Brussels.
- ai-risk
- compliance
- regulation
- children
Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden wa…
- privacy
- regulation
- public-sector
- espionage
Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrate the viability of a different way to do politics. In this model, technology is used to make democratic processes…
- ai-risk
- regulation
- threat-intelligence
Threat actors are exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), enabling them to impersonate users and potentially take over administrative accounts.
- security
- vulnerability
- exploitation
- endpoint-management
The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Building confidence in sustainability claims worldwide. Sustainability claims are everywhere.
New governance development detected from EDPB News. Brussels, 19 March - The EDPB has launched its Coordinated Enforcement Framework (CEF) action for 2026.
- privacy
- compliance
- regulation
- data-rights
New governance development detected from EDPB News. Brussels, 19 March 2026 – The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the European Commission’s proposal…
- privacy
- cloud
- compliance
- regulation
New security development detected from Krebs on Security. The U.S.
- security
- network-edge
- regulation
- public-sector
Privacy-focused email provider Proton Mail provided Swiss authorities with payment data that the FBI used to identify an anonymous account affiliated with the Stop Cop City movement in Atlanta, court records show.
- privacy
- encryption
- surveillance
- platform-governance
CISA is aware of malicious cyber activity targeting endpoint management systems following the March 2026 cyberattack against Stryker Corporation. The agency has issued best-practice guidance for securing Microsoft Intune and similar platforms.
- security
- critical-infrastructure
- governance
- public-sector
CISA has added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation.
- security
- vulnerabilities
- kev
- network-edge
Researchers say a GlassWorm-linked campaign used stolen GitHub tokens to force-push obfuscated malware into Python repositories, turning account takeover into a stealthy software supply-chain distribution channel.
- security
- supply-chain
- github
- threat-intelligence
CISA has added CVE-2026-3909 in Google Skia and CVE-2026-3910 in Chromium V8 to the Known Exploited Vulnerabilities catalog, turning a routine patching task into a live exposure-management priority.
- security
- vulnerabilities
- kev
- browsers
Meta says it will discontinue end-to-end encrypted chat support on Instagram after May 8, 2026, underscoring how optional privacy protections on large platforms can remain contingent on product priorities rather than durable rights.
- privacy
- encryption
- platforms
- surveillance
The EDPB and EDPS say the proposed European Biotech Act can help reduce fragmentation in clinical-trials rules, but warn that simplification cannot come at the expense of clear safeguards for sensitive health data.
- privacy
- compliance
- regulation
- public-sector
ESET says APT28 has used BEARDSHELL, SLIMAGENT, and a heavily modified COVENANT framework to maintain long-term surveillance of Ukrainian military targets while abusing legitimate cloud storage services for command and control.
- security
- threat-intelligence
- espionage
- cloud
CISA has added CVE-2025-68613, an n8n improper control of dynamically managed code resources vulnerability, to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation.
- security
- vulnerabilities
- kev
- automation
The FTC is seeking public comment on whether and how it should update its Negative Option Rule, reopening a policy battle over recurring billing, consent, and hard-to-cancel subscription models after years of complaints and contested rulemaking.
- governance
- enforcement
- regulation
- public-sector
The FTC says it is sending more than $47.2 million to renters affected by Invitation Homes’ undisclosed fees and other unlawful charges, showing how housing-related consumer protection cases can end in large-scale financial remediation rather than just settlement headlines.
- governance
- enforcement
- regulation
- public-sector
Researchers disclosed nine cross-tenant flaws in Google Looker Studio that could have enabled arbitrary SQL queries, data exfiltration, and destructive actions across victims’ cloud-connected data sources before Google patched them.
- security
- cloud
- data-security
- vulnerabilities
Google says a cryptocurrency firm was breached after a developer transferred a trojanized file from a personal device to a work device via AirDrop, enabling UNC4899 to pivot into cloud infrastructure and steal millions in digital assets.
- security
- cloud
- devops
- crypto
CISA and international partners say attackers are actively exploiting Cisco SD-WAN systems and urge organisations to inventory assets, patch immediately, collect forensic artifacts, and hunt for compromise.
- security
- infrastructure
- kev
- network-edge
EU privacy regulators say the Digital Omnibus proposal can simplify compliance, but warn that narrowing the definition of personal data would weaken data protection.
- governance
- privacy
- ai-risk
- regulation
The EDPB has signed a joint Global Privacy Assembly statement warning that AI-generated imagery and video can create serious privacy, dignity, and safety harms when real people are depicted without consent.
- governance
- privacy
- ai-risk
- children
A coordinated European enforcement action found recurring problems with how organisations handle GDPR erasure requests, including weak procedures, inconsistent deletion practices, and difficulties around backups and anonymisation.
- privacy
- governance
- compliance
- data-rights
The EDPB says its 2026–2027 work programme will focus on making GDPR compliance easier through ready-to-use templates, including materials for legitimate interest assessments, privacy notices, data breach notifications, and DPIAs.
- governance
- privacy
- compliance
- regulation
The European Commission has entrusted ENISA with operating the EU Cybersecurity Reserve, creating a €36 million mechanism to provide incident response support during major cyber incidents.
- infrastructure
- security
- governance
- public-sector
ENISA has published technical implementation guidance for the NIS2 Implementing Regulation, giving digital infrastructure and managed service providers a more practical map for turning legal obligations into concrete security measures.
- security
- governance
- infrastructure
- compliance
ENISA’s 2025 threat landscape report says Europe is facing overlapping pressure from hacktivism, ransomware, phishing, vulnerability exploitation, and state-aligned cyber activity across critical sectors.
- security
- infrastructure
- governance
- threat-intelligence
The FTC says it will not take COPPA enforcement action against certain operators using age-verification tools solely to determine age, provided they meet strict limits on use, retention, disclosure, notice, security, and accuracy.
- privacy
- governance
- children
- regulation
A 2025 multi-agency update on Akira ransomware highlights continued attacks on critical sectors, with emphasis on edge-device exploitation, credential abuse, remote admin tooling, and faster encryption variants.
- security
- ransomware
- infrastructure
A joint CISA, FBI, and ASD advisory update says Play ransomware has hit roughly 900 entities and remains active across multiple regions and sectors.
- security
- ransomware
- critical-infrastructure
The EDPB’s blockchain guidance focuses on privacy by design, DPIAs, data minimisation, and the risks of storing personal data in immutable systems.
- governance
- privacy
- infrastructure
An EDPB update on cross-border data requests and AI training signals a more operational European privacy-governance agenda for organisations handling sensitive data.
A 2025 EDPB-backed report on LLM privacy risks focuses on concrete mitigations and real-world deployment scenarios rather than abstract AI principles.
The UK ICO says Reddit processed children’s data unlawfully, failed to implement robust age assurance, and did not complete a relevant DPIA before January 2025.
- privacy
- enforcement
- children
The UK ICO’s investigations into TikTok, Reddit, and Imgur signaled a broader regulatory focus on recommender systems, age assurance, and how platforms structurally handle children’s data.
- privacy
- enforcement
- children
The UK ICO fined MediaLab over Imgur’s handling of children’s data, citing absent age checks, unlawful processing of under-13 data, and failure to carry out a DPIA.
- privacy
- enforcement
- children
CISA and partner agencies say Interlock ransomware activity is affecting businesses and critical infrastructure, with current guidance focused on access control, segmentation, patching, and phishing defense.
- security
- ransomware
- critical-infrastructure
A security and privacy watchlist covering student cyber safety policy, AI workplace tooling risk, and emerging privacy-governance signals worth monitoring.
- governance
- security
- ai-risk
Weak privacy controls can make AI systems harder to deploy, govern, and defend over time, turning privacy into an operational AI risk question.
Student cyber safety is emerging as a global policy issue as schools face AI-enabled fraud, platform abuse, manipulation, and surveillance risk.
- governance
- surveillance
- public-sector
AI security risk is increasingly concentrated in extensions, browser flows, workplace tooling, and other user-facing interfaces rather than models alone.
- ai-risk
- security
- infrastructure